CCC.Logging.TH02: Unauthorized Data Transfer Out of a Trusted Boundary
Threat ID: CCC.Logging.TH02
Title: Unauthorized Data Transfer Out of a Trusted Boundary
Description:
Sensitive log data, including PII, financial transaction details, or system vulnerabilities, is exfiltrated directly from the logging service's query or API interfaces by authorized but malicious insiders or compromised accounts exploiting legitimate access.
Related Capabilities
ID | Title | Description |
---|---|---|
CCC.Core.F06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
CCC.Core.F14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. |
External Mappings
Controls
ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
---|---|---|---|---|---|---|
CCC.Logging.C06 | Detect and Alert on Potential Log Exfiltration | Identify and alert on anomalous data access patterns that may indicate an attempt to exfiltrate log data. | Logging and Monitoring | 1 | 5 | 1 |